Traditionally you use the “sendmail -q” command to flush the mail queue under the Sendmail MTA. Under the Postfix MTA, just enter the following command to flush the mail queue:
# postfix flush
OR
# postqueue -f
The two are equivalent: “postfix flush” simply runs postqueue -f for you, and Postfix’s sendmail(1) compatibility wrapper still honours “sendmail -q” as well. A flush only asks Postfix to retry delivery of everything sitting in the deferred queue; it does not fix whatever caused the deferrals, so list what is still stuck (and why) afterwards with:
# postqueue -p
Reset RainLoop Admin Password
Edit the file data/_data_/_default_/configs/application.ini inside the rainloop directory.
Set the password to “12345” (RainLoop’s default; note that this file stores the admin credentials in plain text):
; Login and password for web admin panel
admin_login = "admin005"
admin_password = "12345"
Reach your RainLoop web page by adding ?admin at the end of the URL.
When you’re in, change the password to the desired one straight away: until you do, anyone who can reach the ?admin URL can log in with the default. While you are there, make sure the web server does not serve the data/ directory directly (RainLoop ships a .htaccess for this on Apache; on nginx you have to deny /data yourself), and if you do not need the panel day to day you can switch it off with allow_admin_panel = Off in the [security] section of the same file.
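As an added example (not from the original post and not part of RainLoop), here is the same reset done from a shell, but with a random password instead of “12345”, a backup of the previous file, and the two checks a practitioner would run afterwards: that the INI is not world-readable and that the web server does not hand it out over HTTP. The INI path, the site URL and the sample file used in the demo are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post or of RainLoop: reset the admin
# password in application.ini to a random value instead of "12345", keep a backup,
# and check two things an attacker would look for afterwards. The INI path, the
# site URL and the sample file in the demo are assumptions.
set -eu

# Replace the admin_password line in the given application.ini with a fresh random
# 32-hex-character password and print that password (the caller records it).
# A backup of the previous file is left next to it as <file>.bak.
rainloop_reset_admin() {
    ini=$1
    pw=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    sed -i.bak "s|^admin_password = .*|admin_password = \"$pw\"|" "$ini"
    grep -q "^admin_password = \"$pw\"" "$ini"   # fail loudly if the line was missing
    printf '%s\n' "$pw"
}

# Return 0 if the INI is readable by "other" (world-readable), 1 otherwise.
# The file holds the admin credentials in clear text, so only the web server
# user (and root) should be able to read it.
rainloop_ini_world_readable() {
    [ -n "$(find "$1" -perm -004 -print)" ]
}

# Return 0 if the web server serves the config file over HTTP (status 200),
# 1 if it is blocked (403/404). $1 is the hypothetical site URL.
rainloop_data_exposed() {
    base=$1
    code=$(curl -s -o /dev/null -w '%{http_code}' \
        "$base/data/_data_/_default_/configs/application.ini")
    [ "$code" = "200" ]
}

# Demo against a constructed copy of the file (no real install is touched).
demo=$(mktemp)
printf '; Login and password for web admin panel\nadmin_login = "admin005"\nadmin_password = "12345"\n' > "$demo"
newpw=$(rainloop_reset_admin "$demo")
echo "new admin password: $newpw"
if rainloop_ini_world_readable "$demo"; then
    echo "warning: $demo is world-readable" >&2
fi
rm -f "$demo" "$demo.bak"
# On a real install, follow up with:
#   rainloop_data_exposed https://mail.example.com && echo "data/ is exposed!"
```

Run the reset against the real file as the user that owns it, log in at ?admin with the printed password, and keep it in your password manager rather than in a shell history (the function prints it once and nothing else).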
Adding NRPE to CentOS 7 Host
Here is what you’ll need to do to enable NRPE on your CentOS 7 hosts.
sudo yum install epel-release
sudo yum install -y nrpe nagios-plugins-all nagios-plugins-nrpe
Then we’ll need to edit /etc/nagios/nrpe.cfg and add the Nagios server to the hosts allowed to talk to the agent:
allowed_hosts=127.0.0.1,::1,<your server IP here>
Leave dont_blame_nrpe=0 (the default) unless you really need the server to pass arguments to commands; with it set to 1, anything that can reach the NRPE port can push argument strings into your command definitions. Now our Nagios server will be able to connect and run the default commands. You can search nrpe.cfg for command[check_users] to find where all the commands are defined and either tweak or create your own commands. Then start the agent and make it come back after a reboot:
sudo systemctl enable --now nrpe
Also ensure that you have added NRPE (TCP 5666) to your firewall configuration. Note that --permanent rules only take effect after a reload:
sudo firewall-cmd --zone=public --permanent --add-service=nrpe
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
allowed_hosts is enforced inside NRPE itself; if you would rather not open 5666 to the whole zone, use a rich rule limited to the Nagios server’s address instead of --add-service, so the firewall is an independent second layer:
sudo firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="<your server IP here>" service name="nrpe" accept'
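The nrpe.cfg edit above, as an added example in shell (not from the original post and not part of NRPE): it sets allowed_hosts idempotently, so running it twice does not leave two allowed_hosts lines, keeps a backup, and then checks that remote argument passing (dont_blame_nrpe) is still off. The config path and server address are parameters; the config used in the demo is a constructed excerpt of the stock file.

```shell
#!/bin/sh
# Added example, not part of the original post or of NRPE: apply the allowed_hosts
# change to nrpe.cfg without duplicating the line, then check that remote command
# arguments (dont_blame_nrpe) are still off. The config path and the Nagios server
# address are parameters; the file used in the demo is constructed.
set -eu

# Set allowed_hosts in an nrpe.cfg to exactly $2 (replace the existing line or
# append one). Leaves a backup as <cfg>.bak and prints the resulting line.
#   nrpe_set_allowed_hosts /etc/nagios/nrpe.cfg "127.0.0.1,::1,192.0.2.10"
nrpe_set_allowed_hosts() {
    cfg=$1
    hosts=$2
    if grep -q '^allowed_hosts=' "$cfg"; then
        sed -i.bak "s|^allowed_hosts=.*|allowed_hosts=$hosts|" "$cfg"
    else
        cp "$cfg" "$cfg.bak"
        printf 'allowed_hosts=%s\n' "$hosts" >> "$cfg"
    fi
    grep '^allowed_hosts=' "$cfg"
}

# Return 0 if nrpe.cfg leaves dont_blame_nrpe at 0 (or unset), 1 if it is 1.
# With it on, whatever can reach TCP 5666 can push argument strings into the
# command[...] definitions, so keep it off unless every command has been hardened.
nrpe_arguments_disabled() {
    if grep -Eq '^[[:space:]]*dont_blame_nrpe[[:space:]]*=[[:space:]]*1' "$1"; then
        return 1
    fi
    return 0
}

# Demo on a constructed excerpt of the stock config; point it at
# /etc/nagios/nrpe.cfg (as root) for real use.
demo=$(mktemp)
cat > "$demo" <<'EOF'
pid_file=/var/run/nrpe/nrpe.pid
server_port=5666
allowed_hosts=127.0.0.1,::1
dont_blame_nrpe=0
command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
EOF
nrpe_set_allowed_hosts "$demo" "127.0.0.1,::1,192.0.2.10"
if nrpe_arguments_disabled "$demo"; then
    echo "dont_blame_nrpe is off: good"
else
    echo "WARNING: dont_blame_nrpe=1, remote argument passing is enabled" >&2
fi
rm -f "$demo" "$demo.bak"
```

After changing the file, restart the agent (sudo systemctl restart nrpe) and verify from the Nagios server with check_nrpe -H <client IP>; a connection refusal at that point usually means the firewall, a "CHECK_NRPE: Error - Could not complete SSL handshake" or similar rejection usually means allowed_hosts.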
Graylog 3 and Failed Elasticsearch Indices
Let’s start by listing all of the current Elasticsearch indices. From a command prompt on the Graylog box, run the following:
curl -X GET "localhost:9200/_cat/indices?v"
Output should look something like this:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open graylog_1 U7XiaZBtT1-ZSFiZ8Afr2A 4 0 5566409 0 4.2gb 4.2gb
green open hq1_0 zt6Yqo7AQAqP2OwR1hF3wg 4 0 81 0 185.7kb 185.7kb
green open graylog_0 s33oBg-xQ52Y8OAPFDd-8Q 4 0 20000169 0 14.7gb 14.7gb
Now we’ll have to delete the failed indices. Be clear about what this does: every message stored in an index is gone once it is deleted, so delete only the indices that are actually broken (check the health and status columns above and the index set under System > Indices in Graylog), not every graylog_* index you see:
curl -X DELETE "localhost:9200/graylog_1"
{"acknowledged":true}
curl -X DELETE "localhost:9200/graylog_0"
{"acknowledged":true}
Now we’ll restart Graylog and Elasticsearch so that Graylog creates a fresh deflector index:
sudo systemctl restart graylog-server
sudo systemctl restart elasticsearch
Now re-list the indices:
curl -X GET "localhost:9200/_cat/indices?v"
And you should see your new indices running:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open hq1_0 zt6Yqo7AQAqP2OwR1hF3wg 4 0 81 0 185.7kb 185.7kb
green open graylog_0 H2vvP2QtQGig6ZKnXr9StQ 4 0 266 0 774.8kb 774.8kb
The new graylog_0 has a different uuid and starts almost empty. Finally, in Graylog go to System > Indices, open the index set’s Maintenance menu and choose “Recalculate index ranges”, so that searches know which time range each index now covers.
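As an added example (not from the original post and not part of Graylog or Elasticsearch), the following shell snippet turns the _cat/indices table into a short list of indices that are actually broken (health red, i.e. at least one primary shard is unassigned) and refuses to delete anything that is not on that list, so a typo cannot take out a healthy index full of messages. It also shows the allocation-explain call that tells you why a shard is unassigned, which is worth reading before you decide to delete. ES_URL and the sample table are assumptions; the red index and its uuid in the sample are made up.

```shell
#!/bin/sh
# Added example, not part of the original post or of Graylog: list the indices
# that are actually broken (health red) from a _cat/indices table, explain why,
# and guard the DELETE so only listed indices can be removed. Yellow is not
# treated as broken: it only means unassigned replica shards (normal on a single
# node with rep > 0). ES_URL and the sample table below are assumptions.
set -eu
ES_URL=${ES_URL:-http://localhost:9200}

# Read a "_cat/indices?v" table on stdin; print "index health status" for every
# index whose health is red.
unhealthy_indices() {
    awk 'NR == 1 { next }                       # skip the header line
         $1 == "red" { print $3, $1, $2 }'
}

# Same thing against the live cluster.
list_unhealthy() {
    curl -s "$ES_URL/_cat/indices?v" | unhealthy_indices
}

# Ask Elasticsearch why the first unassigned shard cannot be allocated
# (cluster allocation explain API); read this before deleting anything.
explain_unassigned() {
    curl -s "$ES_URL/_cluster/allocation/explain?pretty"
}

# Delete index $1 only if it appears in the unhealthy list $2 (the output of
# unhealthy_indices). Everything in the index is lost, so the guard matters.
delete_if_unhealthy() {
    index=$1
    unhealthy=$2
    if printf '%s\n' "$unhealthy" | awk -v i="$index" '$1 == i { found = 1 } END { exit !found }'; then
        curl -s -X DELETE "$ES_URL/$index"
        echo
    else
        echo "refusing to delete $index: it is not in the unhealthy list" >&2
        return 1
    fi
}

# Constructed sample in the same shape as the curl output above: one red index
# (graylog_2, made-up uuid) among healthy ones.
SAMPLE='health status index     uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   graylog_1 U7XiaZBtT1-ZSFiZ8Afr2A   4   0    5566409            0      4.2gb          4.2gb
red    open   graylog_2 AAAAAAAAAAAAAAAAAAAAAA   4   0          0            0         0b             0b
green  open   hq1_0     zt6Yqo7AQAqP2OwR1hF3wg   4   0         81            0    185.7kb        185.7kb
green  open   graylog_0 s33oBg-xQ52Y8OAPFDd-8Q   4   0   20000169            0     14.7gb         14.7gb'

printf '%s\n' "$SAMPLE" | unhealthy_indices
# Against a real cluster:
#   bad=$(list_unhealthy); explain_unassigned; delete_if_unhealthy graylog_2 "$bad"
```

The guard is deliberately strict: an index that is green, as graylog_0 and graylog_1 are in the listing above, is holding data and is not "failed" from Elasticsearch’s point of view, so if Graylog still reports a problem with it the cause is usually on the Graylog side (index ranges, a deflector that did not rotate) rather than something a DELETE fixes.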
Active Directory Account Lockout Alerts via Powershell [Update]
In my organization we were trying to figure out an easy way to use built-in Windows tools to be alerted when a user locks out their Active Directory account. By using Task Scheduler event-based tasks and some PowerShell scripts I was able to build a solution that is feasible when dealing with a small number of domain controllers.
You can grab the files from my GitHub repository.
github.com/djkouza/Powershell
UPDATE added features:
- Ability to select smtp server based on local subnet (for easily deploying across sites)
- E-mail sent to user whose account is locked (if E-mail present in AD)
- File attached to admin alerts with failed login events (assists in troubleshooting, especially if your DC isn’t easily accessible)
Script that you will run when event 4740 is triggered: get_ad_locked_account.ps1
Script you can use to force an account lockout event to test with: lock_account.ps1
Instructions PDF for setting up the Task Scheduler event-based task: Alert_on_AD_user_account_lockout
First, create a basic task on the domain controller. Two things to check before you start: event 4740 is only written if “Audit User Account Management” (success) is enabled in the audit policy, and lockouts are processed by the PDC emulator, so that DC sees every lockout in the domain and is the natural place for the task.
Next we will set the trigger to “On an event”.
Then we will give the event the following parameters: Log: Security; Source: Microsoft Windows security auditing; Event ID: 4740
For the Action we will choose “Start a program”. The program is powershell.exe, and in “Add arguments” put -File "path to script" (quote the path if it contains spaces). Run the task under an account that can read the Security log and send mail, and set it to run whether the user is logged on or not, otherwise it will silently do nothing when nobody is logged in.
That is it, you should get a summary of your settings and you’re good to go!